SecureRun Scope - User Vs System

Products Endpoint Policy Manager Discussions & Questions
,
1

Hello All,

We’re currently in the process of testing and deploying LPM (Endpoint Policy Manager) and was wondering what people’s thoughts are in regard to using SecureRun on a User vs System basis. I’ve read through the scenarios in Netwrix Documentation

We initially started SecureRun with the scope being only Users and started tuning what we need for that. I’ve been generally satisfied with the amount of admin for this now that we’ve somewhat set a “baseline”. I recently swapped us over to Users and System and am finding the admin overhead to be a good bit greater. Ideally, we would love to block both and pinhole things as needed but we also currently don’t have any users with local admin so part of me feels comfortable to just roll it in just the user scope.

Does anyone who has rolled this out in one capacity or the other have any real-life advice/suggestions/comments/concerns/etc?

3 Likes
2

Hi Adrian,

To be as secure as possible, I generally recommend User and Computer. I want to ensure that any apps aren’t running unauthorized processes. But at the end of the day, it’s about ROI (the investment here being your time). Having said all that, if you haven’t already, look at implementing Auditing through Global Settings. It’s a great way to see what’s happening before you turn SecureRun on.

2 Likes
3

Here’s a video which takes it to Level 11… Netwrix Documentation

2 Likes